We are trying to retrieve data from our internally hosted services to display using a Freshdesk app.
In order to do this we must make two calls: one to authenticate with our API gateway (Kong) and a second to use the retrieved token to get our data.
I would like to use the OAuth method to make this more secure, as currently the access token used for the second call can plainly be seen in the network request.
The issue is that the OAuth method works using an authorization flow, requiring a /authorize endpoint; however, our systems use a client credentials flow, which does not use a /authorize endpoint but rather only uses a /token endpoint.
Is it possible to use the OAuth method with a client credentials flow, or is there another way to make sure that the access token cannot be seen when sending the second request?